Date: Mon, 19 Feb 2001 23:42:59 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Brent <bierblb@netins.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Port Scanning Message-ID: <20010219234259.C77228@mollari.cthul.hu> In-Reply-To: <CLEBKGOHKNELHPEDDJJIAEJOCJAA.bierblb@netins.net>; from bierblb@netins.net on Tue, Feb 20, 2001 at 12:12:32AM -0600 References: <CLEBKGOHKNELHPEDDJJIAEJOCJAA.bierblb@netins.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Tue, Feb 20, 2001 at 12:12:32AM -0600, Brent wrote: > I have a couple questions: > > 1) What does these errors mean? I am getting quite a few. > > icmp-response bandwidth limit 216/200 pps > icmp-response bandwidth limit 231/200 pps Search the mailing list archives for a description of what's going on. > 2) What are some good programs to use to watch for ping floods and port > scans? I use portsentry currently, but that doesn't do very well in the > ping flood area as it does in the port scanning, since it just watches for > traffic over certain ports. You can't go past snort, IMO. Use the vision.conf file downloaded from www.whitehats.com/ids Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kiADWry0BWjoQKURAmobAKDa49KcBVi57ou6vd8VbB/iebd/jQCgrHOT ToU4nuvn/yf6THYzlW8UACE= =Z4BM -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010219234259.C77228>